package com.nimbusds.common.ldap;

import com.nimbusds.common.config.CustomKeyStoreConfiguration;
import com.nimbusds.common.config.CustomTrustStoreConfiguration;
import com.nimbusds.common.ldap.LDAPConnectionException;
import com.unboundid.ldap.sdk.ExtendedResult;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPConnectionOptions;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.ServerSet;
import com.unboundid.ldap.sdk.SingleServerSet;
import com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest;
import com.unboundid.util.ssl.KeyStoreKeyManager;
import com.unboundid.util.ssl.SSLUtil;
import com.unboundid.util.ssl.TrustAllTrustManager;
import com.unboundid.util.ssl.TrustStoreTrustManager;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import javax.net.SocketFactory;
import javax.net.ssl.SSLHandshakeException;

/* loaded from: input_file:com/nimbusds/common/ldap/LDAPConnectionFactory.class */
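/**
 * Factory for LDAP connections that can be protected with TLS/SSL (LDAPS)
 * or StartTLS, using a custom trust store and / or key store configuration.
 *
 * <p>The boolean {@code z} ("trust all") flag accepted by the connection
 * methods installs a {@link TrustAllTrustManager}, which switches off
 * server certificate chain validation. That is acceptable only for
 * testing; a production deployment should use the trust store
 * configuration instead.
 *
 * <p>NOTE(review): no {@code SSLSocketVerifier} is configured on the
 * {@link LDAPConnectionOptions} created here, so host name verification
 * of the server certificate is left to the SDK defaults — confirm that
 * this matches the intended security level.
 */
public class LDAPConnectionFactory {

    /** Trust store configuration used to validate server certificates. */
    private final CustomTrustStoreConfiguration customTrustStore;

    /** Key store configuration used for client (mutual TLS) authentication. */
    private final CustomKeyStoreConfiguration customKeyStore;

    /**
     * Creates a new LDAP connection factory.
     *
     * @param customTrustStoreConfiguration The custom trust store
     *                                      configuration. Must not be
     *                                      {@code null}.
     * @param customKeyStoreConfiguration   The custom key store
     *                                      configuration. Must not be
     *                                      {@code null}.
     *
     * @throws IllegalArgumentException If either configuration is
     *                                  {@code null}.
     */
    public LDAPConnectionFactory(CustomTrustStoreConfiguration customTrustStoreConfiguration, CustomKeyStoreConfiguration customKeyStoreConfiguration) {
        if (customTrustStoreConfiguration == null) {
            throw new IllegalArgumentException("The custom TLS/SSL trust store configuration must not be null");
        }
        if (customKeyStoreConfiguration == null) {
            throw new IllegalArgumentException("The custom TLS/SSL key store configuration must not be null");
        }
        this.customTrustStore = customTrustStoreConfiguration;
        this.customKeyStore = customKeyStoreConfiguration;
    }

    /**
     * Returns the custom trust store configuration.
     *
     * @return The custom trust store configuration, never {@code null}.
     */
    public CustomTrustStoreConfiguration getCustomTrustStoreConfiguration() {
        return this.customTrustStore;
    }

    /**
     * Returns the custom key store configuration.
     *
     * @return The custom key store configuration, never {@code null}.
     */
    public CustomKeyStoreConfiguration getCustomKeyStoreConfiguration() {
        return this.customKeyStore;
    }

    /**
     * Builds the {@link SSLUtil} (key manager + trust manager) from which
     * TLS/SSL socket factories and contexts are created.
     *
     * <p>The key manager is only set when the key store configuration is
     * enabled. The trust manager is chosen as follows:
     * <ul>
     *     <li>{@code z == true}: a {@link TrustAllTrustManager} that
     *         performs no chain validation (it still rejects certificates
     *         outside their validity period). Testing only.</li>
     *     <li>custom trust store enabled: a {@link TrustStoreTrustManager}
     *         backed by the configured trust store.</li>
     *     <li>otherwise: {@code null}, which leaves the choice of trust
     *         managers to the SDK / JVM defaults.</li>
     * </ul>
     *
     * @param customTrustStoreConfiguration The custom trust store
     *                                      configuration. Must not be
     *                                      {@code null}.
     * @param customKeyStoreConfiguration   The custom key store
     *                                      configuration. Must not be
     *                                      {@code null}.
     * @param z                             {@code true} to trust all server
     *                                      certificates.
     *
     * @return The SSL utility.
     *
     * @throws KeyStoreException If the key store or trust store couldn't be
     *                           loaded.
     */
    public static SSLUtil initSecureConnectionContext(CustomTrustStoreConfiguration customTrustStoreConfiguration, CustomKeyStoreConfiguration customKeyStoreConfiguration, boolean z) throws KeyStoreException {
        // The null alias lets the key manager select any suitable client
        // certificate from the key store
        KeyStoreKeyManager keyManager = null;
        if (customKeyStoreConfiguration.enable) {
            keyManager = new KeyStoreKeyManager(customKeyStoreConfiguration.file, customKeyStoreConfiguration.password.toCharArray(), customKeyStoreConfiguration.type, (String) null);
        }

        if (z) {
            // Chain validation disabled; validity dates are still examined
            return new SSLUtil(keyManager, new TrustAllTrustManager(true));
        }

        if (customTrustStoreConfiguration.enable) {
            return new SSLUtil(keyManager, new TrustStoreTrustManager(customTrustStoreConfiguration.file, customTrustStoreConfiguration.password.toCharArray(), customTrustStoreConfiguration.type, true));
        }

        return new SSLUtil(keyManager, null);
    }

    /**
     * Returns the socket factory for the specified connection security.
     *
     * @param lDAPConnectionSecurity        The connection security.
     * @param customTrustStoreConfiguration The custom trust store
     *                                      configuration.
     * @param customKeyStoreConfiguration   The custom key store
     *                                      configuration.
     * @param z                             {@code true} to trust all server
     *                                      certificates (testing only).
     *
     * @return An SSL socket factory for {@link LDAPConnectionSecurity#SSL},
     *         else {@code null} (the SDK then falls back to its default
     *         socket factory).
     *
     * @throws LDAPConnectionException If the key store couldn't be loaded
     *                                 ({@code KEYSTORE_ERROR}) or the SSL
     *                                 socket factory couldn't be created
     *                                 ({@code TLS_SSL_ERROR}).
     */
    public static SocketFactory getSocketFactory(LDAPConnectionSecurity lDAPConnectionSecurity, CustomTrustStoreConfiguration customTrustStoreConfiguration, CustomKeyStoreConfiguration customKeyStoreConfiguration, boolean z) throws LDAPConnectionException {
        if (lDAPConnectionSecurity != LDAPConnectionSecurity.SSL) {
            return null;
        }
        try {
            return initSecureConnectionContext(customTrustStoreConfiguration, customKeyStoreConfiguration, z).createSSLSocketFactory();
        } catch (KeyStoreException e) {
            throw new LDAPConnectionException("Key store exception: " + e.getMessage(), LDAPConnectionException.CauseType.KEYSTORE_ERROR, e);
        } catch (GeneralSecurityException e2) {
            throw new LDAPConnectionException("Couldn't create SSL socket factory: " + e2.getMessage(), LDAPConnectionException.CauseType.TLS_SSL_ERROR, e2);
        }
    }

    /**
     * Upgrades a plain LDAP connection to TLS with the StartTLS extended
     * operation. On any failure the connection is closed before the
     * exception is thrown, so callers never receive a half-initialised
     * connection (previously the key store / SSL context failure paths
     * left it open).
     *
     * @param lDAPConnection The established plain connection. Must not be
     *                       {@code null}.
     * @param z              {@code true} to trust all server certificates
     *                       (testing only).
     *
     * @throws LDAPConnectionException If the key store couldn't be loaded
     *                                 ({@code KEYSTORE_ERROR}), the SSL
     *                                 context couldn't be created
     *                                 ({@code TLS_SSL_ERROR}), the server
     *                                 certificate was rejected during the
     *                                 handshake ({@code BAD_CERT}), the
     *                                 StartTLS operation didn't succeed
     *                                 ({@code STARTTLS_ERROR}), or another
     *                                 LDAP error occurred.
     */
    private void applyStartTLS(LDAPConnection lDAPConnection, boolean z) throws LDAPConnectionException {
        ExtendedResult result;
        try {
            SSLUtil sslUtil = initSecureConnectionContext(this.customTrustStore, this.customKeyStore, z);
            result = lDAPConnection.processExtendedOperation(new StartTLSExtendedRequest(sslUtil.createSSLContext()));
        } catch (KeyStoreException e) {
            // Must precede GeneralSecurityException (its supertype)
            lDAPConnection.close();
            throw new LDAPConnectionException("Key store exception: " + e.getMessage(), LDAPConnectionException.CauseType.KEYSTORE_ERROR, e);
        } catch (GeneralSecurityException e) {
            lDAPConnection.close();
            throw new LDAPConnectionException("TLS/SSL error: " + e.getMessage(), LDAPConnectionException.CauseType.TLS_SSL_ERROR, e);
        } catch (LDAPException e) {
            lDAPConnection.close();
            // A handshake failure is reported by the SDK as the cause of the
            // LDAP exception; surface it as a certificate problem
            if (e.getCause() instanceof SSLHandshakeException) {
                throw new LDAPConnectionException("Bad server X.509 certificate: " + e.getMessage(), LDAPConnectionException.CauseType.BAD_CERT, e);
            }
            throw LDAPConnectionException.parse(e);
        }

        if (result.getResultCode() != ResultCode.SUCCESS) {
            lDAPConnection.close();
            throw new LDAPConnectionException("StartTLS exception: " + result.getDiagnosticMessage(), LDAPConnectionException.CauseType.STARTTLS_ERROR, null);
        }
    }

    /**
     * Creates a new LDAP connection to a single server.
     *
     * @param str                    The server host name.
     * @param i                      The server port.
     * @param lDAPConnectionSecurity The connection security.
     * @param i2                     The connect timeout, in milliseconds.
     * @param z                      {@code true} to trust all server
     *                               certificates (testing only).
     *
     * @return The LDAP connection, with StartTLS applied if requested.
     *
     * @throws LDAPConnectionException If the connection couldn't be
     *                                 established or secured.
     */
    public LDAPConnection createLDAPConnection(String str, int i, LDAPConnectionSecurity lDAPConnectionSecurity, int i2, boolean z) throws LDAPConnectionException {
        // Null for non-SSL security, in which case the SDK default applies
        SocketFactory socketFactory = getSocketFactory(lDAPConnectionSecurity, this.customTrustStore, this.customKeyStore, z);
        LDAPConnectionOptions options = new LDAPConnectionOptions();
        options.setConnectTimeoutMillis(i2);
        return createLDAPConnection(new SingleServerSet(str, i, socketFactory, options), lDAPConnectionSecurity, z);
    }

    /**
     * Creates a new LDAP connection from the specified server set.
     *
     * @param serverSet              The server set. Must not be
     *                               {@code null}.
     * @param lDAPConnectionSecurity The connection security; StartTLS is
     *                               applied only for
     *                               {@link LDAPConnectionSecurity#STARTTLS}.
     * @param z                      {@code true} to trust all server
     *                               certificates (testing only).
     *
     * @return The LDAP connection.
     *
     * @throws LDAPConnectionException If the connection couldn't be
     *                                 established or secured.
     */
    public LDAPConnection createLDAPConnection(ServerSet serverSet, LDAPConnectionSecurity lDAPConnectionSecurity, boolean z) throws LDAPConnectionException {
        LDAPConnection connection;
        try {
            connection = serverSet.getConnection();
        } catch (LDAPException e) {
            throw LDAPConnectionException.parse(e);
        }
        if (lDAPConnectionSecurity == LDAPConnectionSecurity.STARTTLS) {
            // Closes the connection itself on failure
            applyStartTLS(connection, z);
        }
        return connection;
    }
}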
